The Global Identity on Blockchain

Last weekend Team Blockwise in cooperation with Eugene Pavlenko took the third place at London Blockchain Hackathon, organized by Larson Digital and Future World Financial Holdings. We have
decided to publish the award-winning white paper.

Blokwise Global ID

Abstract

Any person’s identity data today is scattered across many different organisations and data silos. Regulators require businesses to perform extensive KYC checks thus complicating the life of
people. Moreover, 39% of the world’s population doesn’t have a bank account because they can’t prove their identity.

Any person can be reliably identified by a combination of his unique characteristics (e.g. biometry) and unique knowledge (e.g. passwords).

The difficulty with the knowledge is that no one can be sure who else knows the same things.

The Blockwise Global ID system is designed to address the following requirements:

- The person owns their identity (self-sovereign identity)

- The person is able to share any part of the data with any entity which requires the identity check in an easy and secured way (secured selective disclosure)

- The person can revoke the access to their data

- The person is guaranteed that no part of their identity, including biometric data, is used for any identification purposes without their consent

- The system can be used as a platform for storing and sharing any personal data, such as health records, educational records, credit scores, etc.

Biometrics

With all challenges of the biometric identification, biometry is the only way to reliably identify the person today. The biometric data cannot be stored in a blockchain smart contract because all
the data in contracts is public. Encryption is not a solution either as the biometric data has to be decrypted before use, which means it can be compromised at the moment of decryption. Biometric
data is fuzzy, the samples are always slightly different and therefore is it not possible to use traditional hash functions as the results will be dispersed and not comparable.

Blockwise proposed to use so-called Fuzzy Hash functions which, for similar arguments, produce hashes of the same degree of similarity in terms of Hamming weight.

3) The resulting hash is compared to the hash generated from the other sample

There are alternatives schemes available. Our research shows that the technology is mature enough to achieve reasonable accuracy.

Multi-factor Identity Check

We propose to create a ‘Hash Silo’ in the form of smart contract in Ethereum. This smart contract will store the hashes of the factual data (names, addresses, etc) and fuzzy hashes of the
biometric data (photos, fingerprints, etc). As all the data is hashed we are able to maintain anonymity and prevent any possible data misuse as all the hashes, including fuzzy hashes are
irreversible and therefore, it is not possible to recover the original data from the hashes. The hashes array is linked to the address of the smart contract containing the real ID data which is
encrypted to ID owner’s public key (Global ID contract).

Every time someone wants to check the identity by using any data, including biometric, the Hash Silo contract will inform the ID owner’s contract. Before the identity check is confirmed to the
requestor, Global ID contract will require the owner to digitally sign the consent.

The identity is therefore checked against the biometric data, the knowledge (password) and the ownership of the blockchain private key at the same time.

Governance

Governance is very important part of any globally distributed system. The blockchain is a perfect rule enforcement machine, but it has to be transparent who creates the rules to be enforced via
blockchain.

Identity data normally cannot be changed by the owner, for example, to change the name the person has to apply to the relevant authority. Some of the data, such as address, must be confirmed by a
reputable organisation, such as bank or utility provider. If the biometric data is collected, someone has to confirm that this particular biometric sample belongs to the particular person.

Personal data creation has to be regulated as well. For example, the health record can only be updated by the qualified healthcare provider. On the other hand, the person should have full
ownership over their personal data, including the ability to change healthcare provider or share the health records with another one or with an insurance company.

Our Governance smart contract defines the list of the organisations which have the rights to create or change identity data. Every organisation is entitled to update only the data it creates
throughout the life of a person. For example, DVLA can update the driving license data, while the City Hall can update the name or the date of birth, police can collect the fingerprints, etc. Any
operation they perform is authorised through multi-factor identity check on the blockchain.

The organisations entitled to create or change the identity data form so-called ‘Governance Circle’.

Same principles work for the personal data. For example, health records can only be updated by a healthcare provider, educational records by an education provider etc.

There should be a Steering Committee which decides what organizations are to be added to the Governance Circle, define the types of organizations able to work with the personal data and certify
that the particular entity belongs to the particular type.

ID scoring

Through the course of life, any person communicates with the organizations from the Governance Circle. Every time the interaction happens, the identity data is being added to the Global ID. For
example, the name and date of birth can be added by the City Hall at birth, the photo can be updated by a passport issuing authority from time to time, the biometric data can be collected by the
police, etc.

Every such operation has associated score recorded in the Governance smart contract. The total score of an ID is the sum of the scores of all the data collection operations performed.

The scoring provides a convenient mechanism for the enterprises accepting Global IDs. For example, a bank can set up a threshold of ID score, so that the IDs having lower score are not accepted
while people having Global IDs of higher score can be served by the organization.

Another example: The Steering Committee may allow self-identification when the person adds the name and the selfie as their only identity data. Such a Global ID will have lower score which will
not be enough for some institutions. However, this type of IDs can be accepted by a financial inclusion start-up, like Humaniq, which can limit the transaction volume.

Selective Disclosure

Blockwise Global ID has several ways of secure sharing the identity and personal data and protecting the ownership of it.

Selective ID disclosure. Any part of the ID data can be sent over blockchain to any recipient via the message encrypted to the recipient public key. The recipient is able to confirm the
correctness of the received data by running multi-factor identity check through the Hash Silo.

Know your Customer. Some organizations are required to have a copy of the identity data for the purposes of KYC compliance. For this purpose we suggest creating the copy of the Global ID smart
contract where all the data is encrypted to the recipient public key. The data can be repossessed by deleting the copy.

Personal data disclosure. We use additional off-blockchain layer of symmetric cryptography to protect the personal data. Any part of the data can be encrypted with the key which is stored in the
wallet on the client side. Whenever the owner wants to grant the access to someone, they send the message via blockchain containing the symmetric key encrypted to the recipient public key. The
access is revoked by re-encrypting the data to the different symmetric key.

As an additional security measure, we have created the Smart Access List contract which stores the permissions granted to any party. Every individual ID or personal data contract, when called by
any party, sub-calls the Smart Access List before returning any data to the caller. Smart Access List returns the confirmation of the caller’s rights. This mechanism helps to quickly revoke the
access to the data without re-encrypting it.

Key Reconnection

As mentioned above, the only reliable way to identify the person is the biometry. Therefore, only those Global IDs having the biometric data attached can be reconnected in case of loss or theft
of the cryptographic keys.

The reconnection procedure works as follows: the person gets the new blockchain key pair and visits a Governance Circle organization. The organization re-collects the biometry sample and creates
new Global ID. After that the person sends the message to the special Mayday contract which matches the new ID with the old one by searching the Hash Silo and reconnects the personal data smart
contracts to the new Global ID.

The Mayday contract can also trigger the re-issuance of ERC-20 tokens or re-sending the native pre-mined tokens to the new address.

Use Cases

Human interactions and transactions are moving online and rapidly growing. Social media, shopping, personal finance, wealth management, insurance are just few examples.

More and more customers adopt digital payments through all type of channels, such as phones, contactless cards and even watches. We believe that the trend will continue and the penetration rate
of new payment media will increase.

Customers want to get value for their money and expect personalised experience and highly tailored solutions. This personalisation based on the personal data and behavioural preferences means one
needs to share this data.

It is hard to decide whom to trust and whom to provide your data with when you are not sure how the data will be used. If the data is protected and it is you who ultimately owns it, you feel more
confident sharing it.

The Global ID platform is based on private Ethereum blockchain with POA (proof of authority) consensus algorithm. Ethereum is a mature code base which is ready to be used in production
environments. The main advantage of POA is its high transaction throughput and stability. Currently, there are Ethereum SDK libraries available for most of the programming languages, including
Java, Golang, Python, C++, Rust, Javascript.

Ethereum allows integration of various private solutions between each other. This means the easiness of platform customization and adaptation for any business and regulatory needs.

The solution uses open source libraries and SDKs. The core of the system is based on Solidity smart contracts. Genesis block should be configured with pre-mined native Token (~10^12 ETH) or
ERC-20 specification contract Token.

I don't agree with the proposed idea of an Hash Silo linked to a smart contract. Generally it seems very smart but at the end you have to gather all your data (even biometric data) on a single place,
owned by someone you MUST trust (just like we trusted facebook...). I simply don't trust centralized systems as the Silo.
I still prefer to have my ID data (with my biometric verification) placed in a device (as simple as a smartcard) that I own myself. If verification is needed the smartcard will internally (no data
leaking) verify myself and generate an OTP (as long as you want) as ID confirmation and signature.
More, in the proposed tech you want to use biometry. It seems to me that you want to collect and store biometric data from the users. Ok, I know... it's just a mathematical template, it's scrambled
and everything but I still do not trust ANYONE to have my biometric data. Privacy and biometry are very close and biometric data MUST be owned only by the owner, not stored on server.
There is enough technology to have a personal biometric verification system which is completely anonymous, without the need to store personal data somewhere.